is it possible that security group rules are modified by group admins only?

I would like only group admins to allow modifying the security group and their rules. Right now every member can edit/delete secgroup rules which could be troublesome. I was wondering if this was possible?

1 answer

OpenStack authorization policies can be controlled by policy.json. Each component will have their own policy.json file in /etc/<component_name>/policy.json. In that json, each & every distinct action is mapped to a RBAC rule.